With so many access points, from cell phones and laptops to home computers, how can anyone hope to keep their network safe from hackers, malware and unintentional security breaches?
The answer isn’t “one thing” but a series of things you have to do, and keep an eye on, such as installing and keeping your firewall, antimalware, spam-filtering software and backups up to date. That’s why clients hire us – it’s a full-time job for someone with specific expertise, like HBBTech.
Once your security tools are in place, the next thing you can do is create an Acceptable Use Policy (AUP) and TRAIN your employees on how to use company devices and personal devices. And again, it’s important to keep an eye on your staff to make sure they are following the AUP. Make sure each and every employee has been given a copy, have them sign it and put it in their personnel file.
They should also be informed about your security protocols, such as never accessing company e-mail, data or applications from unprotected personal devices such as personal laptops, tablets and smartphones.
Also, make sure you provide policies and training for how to create good passwords, how to recognize a phishing e-mail, what websites to never access, etc.
NEVER assume your employees know everything they need to know about IT security. Threats are continually evolving, and attacks are getting more sophisticated by the minute.
Here are 7 ideas you need to include in your IT Security Policy:
Avoid Password Re-Use
Use a different password for each login you access and make it secure and complex. If you don’t know what a secure password is by now, call us at 636-542-8653.
Use a password manager (like PassPortal, LastPass, or others that are available) to manage your passwords, and ensure you use a complex passphrase to log in to your password manager.
Don’t use your work username/password combination for personal systems.
Where Possible, Use Multi-Factor Authentication
You should require this for all your business systems, but it’s increasingly available for personal systems as well. Google Two-Step Verification is available for Android and Apple phones/tablets and provides two-factor authentication to Google applications.
Don’t Click On Links!
Just like your bank will never email you a link that asks you to enter your name, social security number, and/or password into a form full of spelling mistakes, neither will any other reputable vendor or service provider.
Instead of following emailed instructions to call or click, you should go directly to the website or call from a number you have on file. Phishing and spear phishing are rampant today and are used to collect data or propagate malware.
Don’t Use Public Wi-Fi
If you use a computer, cellphone, or tablet on public Wi-Fi, are you secure? Usually, maybe. But cheap technology exists to create fake Wi-Fi hotspots that capture your network traffic, usernames, and passwords.
This applies at coffee shops, train stations, airports, shopping malls, and anywhere else with “free” Wi-Fi. In these places, think carefully about transmitting a username and password without additional protection.
Keep Your Devices Close, And Think About What’s Stored On Them
If you lose a cellphone, do you have the ability to wipe its contents? What if its data is compromised before you can do that? Always know the location of your phone, tablet, computer, etc. – both business and personal devices.
Keep Your Devices Patched!
Your business is (hopefully) patching your computer regularly—you should do the same for your home computer(s) and other devices.
Undisclosed and uncorrected computer application vulnerabilities are an ongoing threat and may require additional patches released outside the usual patch release cycle. This kind of threat is usually well publicized across the web, as are the updates that address it. Do you know where to look for them? Or should you be turning that over to professionals?
What If You Do Get Attacked?
If you think a breach or other failure has occurred, talk to somebody, such as your computer security provider or attorney, and if appropriate, call your bank’s fraud hotline. The sooner an incident response starts, the greater the chance of managing the incident successfully and minimizing fines and other damages.
According to an IT industry blog, a Verizon Data Breach Report said “… we find that most of the attacks make use of stolen credentials…” and “Over 95% of these incidents involve harvesting credentials from targeted devices, then logging in to web applications with them.” “Attackers who get into a system can be there for up to 205 days on average before their presence is known.”
These Security Tips are a great way to keep your employees informed, but you STILL need a good Acceptable Use Policy in place and training for everyone in your business, whether they are in your physical office or working remotely. If they have access to your data, they need to be included in your policies and trainings.
If you’d like our help developing policies and trainings for your company, based on best practices, call us at 636-542-8653 or send us an email to [email protected] - you’ll be glad you did.
That’s it for Tip #21
Next week’s Tip will be:
“WATCH THIS Before You Do Any More Online Banking!”
Remember – It ain’t poisonal... it's jus bidness. ‘Til next time.